njrat | b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a

Analysis

max time kernel
148s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Size

39KB
MD5

623415373058b612f362b55dcea0a3ac
SHA1

637bff768e494b09665ccb3ab6b6d97f915a7020
SHA256

b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a
SHA512

93a2f746066897542829ca618fd8e611f237256bda05857e4198a49773658a6345e9000c4c666b3480768e88262fa77cb03bf0523477a9ed3c31e5c6a7a4a21d
SSDEEP

768:ppD+Zwq3r1uFbaYh+Jnq7az+xRug+n2hpUE+fDNkQp6HwfegB:XD+HZuY5q7az+GgDbUfZkQTfea

Score

10^/10

njrat b hat trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

B HAT

Mutex

1fcb8fb3a4794ae29f1b8ef01d138a35

Attributes

reg_key
1fcb8fb3a4794ae29f1b8ef01d138a35
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe

description	pid	process
Token: SeDebugPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: 33	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
Token: SeIncBasePriorityPrivilege	1812	b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe

C:\Users\Admin\AppData\Local\Temp\b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe
"C:\Users\Admin\AppData\Local\Temp\b54cbddc24fb9dee08f80d5a163a7fede64a9d0618832238ffcfe92a7659870a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1812-54-0x0000000000E30000-0x0000000000E40000-memory.dmp

Filesize
64KB

Download
memory/1812-55-0x00000000001E0000-0x00000000001EC000-memory.dmp

Filesize
48KB

Download
memory/1812-56-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download